by mvanotti 3997 days ago
So, the bad certificate HAS to be signed by the leaf certificate, and the leaf certificate HAS to be trusted. (And you need two CAs with the same keys.)

OpenSSL would accept certs that have been issued by a non-CA cert (which is trusted).

So if you have control over the leaf cert, you can just use it for contacting OpenSSL.

If you don't have control over the leaf cert, you can't issue a bad cert.

Am I missing something?

1 comment

The leaf cert is signed for evil-bastard.net, but the "bad" cert can be for mail.google.com.
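The chain the two comments describe, built with the openssl command line as an added example (not code from the thread): a trusted root issues an ordinary end-entity cert for evil-bastard.net with basicConstraints CA:FALSE, and that cert's private key is then used to sign a second cert for mail.google.com. A correct verifier has to reject the second cert because its issuer is not a CA, which is the check the bug discussed above let an attacker skip. The file names, subject names and helper functions are assumptions made for this example; it does not reproduce the vulnerable behaviour (that needs an affected release and the two-CA setup the first comment mentions), it shows what the verifier must check and that a current openssl rejects the chain.

```shell
#!/bin/sh
# Added example, not from the HN thread. Builds root -> leaf (CA:FALSE) -> "bad"
# cert signed by the leaf, then asks openssl to verify each one against the root.
# All names and file paths below are made up for the example.
set -eu

# make_chain DIR: writes ca.pem, leaf.pem (evil-bastard.net) and bad.pem
# (mail.google.com, signed with the leaf's private key) into DIR.
make_chain() {
    dir=$1

    # Root CA: self-signed and explicitly marked as a CA.
    openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/ca.key" \
        -out "$dir/ca.csr" -subj "/CN=Example Root CA" >/dev/null 2>&1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$dir/ca.ext"
    openssl x509 -req -in "$dir/ca.csr" -signkey "$dir/ca.key" -out "$dir/ca.pem" \
        -days 1 -extfile "$dir/ca.ext" >/dev/null 2>&1

    # Leaf: an end-entity cert for the attacker's own domain, issued by the root,
    # with CA:FALSE so it is not allowed to issue anything.
    openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/leaf.key" \
        -out "$dir/leaf.csr" -subj "/CN=evil-bastard.net" >/dev/null 2>&1
    printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature,keyEncipherment\n' \
        > "$dir/leaf.ext"
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -out "$dir/leaf.pem" -days 1 -extfile "$dir/leaf.ext" >/dev/null 2>&1

    # "Bad" cert: the attacker signs a cert for someone else's name with the leaf key.
    openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/bad.key" \
        -out "$dir/bad.csr" -subj "/CN=mail.google.com" >/dev/null 2>&1
    openssl x509 -req -in "$dir/bad.csr" -CA "$dir/leaf.pem" -CAkey "$dir/leaf.key" \
        -CAcreateserial -out "$dir/bad.pem" -days 1 >/dev/null 2>&1
}

# is_ca FILE: succeeds if the cert's basicConstraints says CA:TRUE.
# This is the property a verifier must demand of every issuing cert in a chain.
is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# verify_against_root DIR CERT: prints "accepted" or "rejected" for CERT when
# verified with DIR/ca.pem as the only trust anchor and DIR/leaf.pem offered as
# an untrusted intermediate, which is how a client would receive the chain.
verify_against_root() {
    dir=$1
    cert=$2
    if openssl verify -CAfile "$dir/ca.pem" -untrusted "$dir/leaf.pem" \
            "$dir/$cert" >/dev/null 2>&1; then
        echo accepted
    else
        echo rejected
    fi
}

# Stand-alone demo.
work=$(mktemp -d)
make_chain "$work"
echo "leaf is CA:   $(is_ca "$work/leaf.pem" && echo yes || echo no)"
echo "leaf.pem:     $(verify_against_root "$work" leaf.pem)"
echo "bad.pem:      $(verify_against_root "$work" bad.pem)"
rm -rf "$work"
```

The leaf verifies because the root that issued it is trusted; the bad cert is rejected because the only candidate issuer on the path back to the root is a cert without CA:TRUE. A verifier that looks only at whether the signature chains to a trusted key, and forgets to check the CA flag on each issuer, is the one that would print "accepted" for bad.pem.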